volatility3.framework.layers.scanners package¶

class BytesScanner(needle)[source]¶

Bases: volatility3.framework.interfaces.layers.ScannerInterface

property context: Optional[volatility3.framework.interfaces.context.ContextInterface]¶

Return type: Optional[ContextInterface]

property layer_name: Optional[str]¶

Return type: Optional[str]

thread_safe = True¶

version = (0, 0, 0)¶

class MultiStringScanner(patterns)[source]¶

Bases: volatility3.framework.interfaces.layers.ScannerInterface

property context: Optional[volatility3.framework.interfaces.context.ContextInterface]¶

Return type: Optional[ContextInterface]

property layer_name: Optional[str]¶

Return type: Optional[str]

search(haystack)[source]¶

Return type: Generator[Tuple[int, bytes], None, None]

thread_safe = True¶

version = (0, 0, 0)¶

class RegExScanner(pattern, flags=RegexFlag.DOTALL)[source]¶

Bases: volatility3.framework.interfaces.layers.ScannerInterface

A scanner that can be provided with a bytes-object regular expression pattern The scanner will scqn all blocks for the regular expression and report the absolute offset of any finds

The default flags include DOTALL, since the searches are through binary data and the newline character should have no specific significance in such searches

property context: Optional[volatility3.framework.interfaces.context.ContextInterface]¶

Return type: Optional[ContextInterface]

property layer_name: Optional[str]¶

Return type: Optional[str]

thread_safe = True¶

version = (0, 0, 0)¶

Submodules¶

volatility3.framework.layers.scanners.multiregexp module

Read the Docs v: v2.0.1

Versions: latest; stable; v2.0.1; v2.0.0; v1.0.1; v1.0.0; develop

Downloads

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.